Emerging from a closed council meeting on May 25, 2026, Huntsville Mayor Nancy Alcock said council had received a confidential report regarding the cybersecurity incident of March 10, 2024.
She said the ransomware cost the Town $59,000. “Certain details related to the cybersecurity incident cannot be discussed publicly as doing so can compromise security or legal obligations,” Alcock read from a prepared statement. “But residents can be assured that the protection of the Town’s systems and information remains a priority.”
The Town first discovered the ransomware on March 10, 2024, which impacted the Town’s network, software, and systems.
At the time, the municipality noted that as soon as the incident was detected, the Town immediately enacted its incident response protocol, brought its systems offline to limit exposure, and engaged cybersecurity experts to investigate.
The Town said individuals for whom it had contact information and whose personal information was included in the compromised data had been contacted. While individuals who had previously provided sensitive information to the Town, Muskoka Heritage Place, the Algonquin Theatre, or Huntsville Public Library were encouraged to take the precautions outlined by the Office of the Privacy Commissioner of Canada at priv.gc.ca, to safeguard their data.
No further information was provided about the impact on individual residents.
You can find all of the Town’s communications on the issue, HERE.
Don’t miss out on Doppler!
Sign up here to receive our email digest with links to our most recent stories.
Local news in your inbox so you don’t miss anything!
Click here to support local news
It would be helpful to the many hundreds of residents affected by this data breach, to understand the cost breakdown that has the town claiming that the cost to taxpayers is only $59,000. I’m guessing that the details would reveal how much the town spent in staff overtime pay for work done to uncover the seriousness of the situation and those affected, to change processes and systems to address vulnerabilities; how much the town spent on external experts to investigate and make recommendations; how much the town spent on a third party to handle Huntsville residents’ calls (upon receiving a letter from Huntsville informing them that their confidential personal and financial data had been stolen); and how much Huntsville paid to 3rd party credit agencies to provide credit monitoring services for a year, for those affected. Then there is the cost to those affected by the data breach…where is that accounted for?